Sample code for 30+ languages & platforms
Swift

Create Signed SOAP XML for DIAN Colombia WCF Service

See more XAdES Examples

Demonstrates how to create a signed SOAP XML document for DIAN Colombia.

Chilkat Swift Downloads

Swift

func chilkatTest() {
    var success: Bool = false

    // This example requires the Chilkat API to have been previously unlocked.
    // See Global Unlock Sample for sample code.

    // This example will produce a signed SOAP XML message that looks like this:

    // <?xml version="1.0" encoding="utf-8"?>
    // <soap:Envelope xmlns:soap="http://www.w3.org/2003/05/soap-envelope" xmlns:wcf="http://wcf.dian.colombia">
    //     <soap:Header xmlns:wsa="http://www.w3.org/2005/08/addressing">
    //         <wsse:Security xmlns:wsse="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">
    //             <wsu:Timestamp wsu:Id="TS-F25839120CBA3ECDAD68754D0443A667636FDA68">
    //                 <wsu:Created>2019-08-23T23:03:01Z</wsu:Created>
    //                 <wsu:Expires>2019-08-24T15:43:01Z</wsu:Expires>
    //             </wsu:Timestamp>
    //             <wsse:BinarySecurityToken EncodingType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary" 
    // 			ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3" 
    // 			wsu:Id="ABCXYZ-9F0F7E15A59816E680B4735080A789DC1EED6C9C">MIIG8jCCBd ... zLjGQUB6lcz</wsse:BinarySecurityToken>
    //             <ds:Signature Id="SIG-F25839120CBA3ECDAD68754D0443A667636FDA68" xmlns:ds="http://www.w3.org/2000/09/xmldsig#">
    //                 <ds:SignedInfo>
    //                     <ds:CanonicalizationMethod Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
    //                         <ec:InclusiveNamespaces PrefixList="wsa soap wcf" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    //                     </ds:CanonicalizationMethod>
    //                     <ds:SignatureMethod Algorithm="http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"/>
    //                     <ds:Reference URI="#ID-F25839120CBA3ECDAD68754D0443A667636FDA68">
    //                         <ds:Transforms>
    //                             <ds:Transform Algorithm="http://www.w3.org/2001/10/xml-exc-c14n#">
    //                                 <ec:InclusiveNamespaces PrefixList="soap wcf" xmlns:ec="http://www.w3.org/2001/10/xml-exc-c14n#"/>
    //                             </ds:Transform>
    //                         </ds:Transforms>
    //                         <ds:DigestMethod Algorithm="http://www.w3.org/2001/04/xmlenc#sha256"/>
    //                         <ds:DigestValue>gSIKtjS/BKA2bgecXkM8lYVBDqlXcU3juNYT9a+bSnM=</ds:DigestValue>
    //                     </ds:Reference>
    //                 </ds:SignedInfo>
    //                 <ds:SignatureValue>sL7rOdyfkEnKgJja0eWrv ... YqG0T0pflBsGW9zXkjQ9NvAw==</ds:SignatureValue>
    //                 <ds:KeyInfo Id="KI-F25839120CBA3ECDAD68754D0443A667636FDA68">
    //                     <wsse:SecurityTokenReference wsu:Id="STR-F25839120CBA3ECDAD68754D0443A667636FDA68">
    //                         <wsse:Reference URI="#ABCXYZ-9F0F7E15A59816E680B4735080A789DC1EED6C9C" ValueType="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3"/>
    //                     </wsse:SecurityTokenReference>
    //                 </ds:KeyInfo>
    //             </ds:Signature>
    //         </wsse:Security>
    //         <wsa:Action>http://wcf.dian.colombia/IWcfDianCustomerServices/GetStatus</wsa:Action>
    //         <wsa:To wsu:Id="ID-F25839120CBA3ECDAD68754D0443A667636FDA68" xmlns:wsu="http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd">https://vpfe-hab.dian.gov.co/WcfDianCustomerServices.svc</wsa:To>
    //     </soap:Header>
    //     <soap:Body>
    //         <wcf:GetStatus>
    //             <wcf:trackId>123456666</wcf:trackId>
    //         </wcf:GetStatus>
    //     </soap:Body>
    // </soap:Envelope>

    // Use this online tool to generate code from sample Signed XML: 
    // Generate Code to Create Signed XML

    success = true
    // Create the XML to be signed...
    let xmlToSign = CkoXml()!
    xmlToSign.tag = "soap:Envelope"
    xmlToSign.addAttribute(name: "xmlns:soap", value: "http://www.w3.org/2003/05/soap-envelope")
    xmlToSign.addAttribute(name: "xmlns:wcf", value: "http://wcf.dian.colombia")
    xmlToSign.updateAttrAt(tagPath: "soap:Header", autoCreate: true, attrName: "xmlns:wsa", attrValue: "http://www.w3.org/2005/08/addressing")
    xmlToSign.updateAttrAt(tagPath: "soap:Header|wsse:Security", autoCreate: true, attrName: "xmlns:wsse", attrValue: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-secext-1.0.xsd")
    xmlToSign.updateAttrAt(tagPath: "soap:Header|wsse:Security", autoCreate: true, attrName: "xmlns:wsu", attrValue: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
    xmlToSign.updateAttrAt(tagPath: "soap:Header|wsse:Security|wsu:Timestamp", autoCreate: true, attrName: "wsu:Id", attrValue: "TS-F25839120CBA3ECDAD68754D0443A667636FDA68")
    xmlToSign.updateChildContent(tagPath: "soap:Header|wsse:Security|wsu:Timestamp|wsu:Created", value: "2019-08-23T23:03:01Z")
    xmlToSign.updateChildContent(tagPath: "soap:Header|wsse:Security|wsu:Timestamp|wsu:Expires", value: "2019-08-24T15:43:01Z")
    xmlToSign.updateAttrAt(tagPath: "soap:Header|wsse:Security|wsse:BinarySecurityToken", autoCreate: true, attrName: "EncodingType", attrValue: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-soap-message-security-1.0#Base64Binary")
    xmlToSign.updateAttrAt(tagPath: "soap:Header|wsse:Security|wsse:BinarySecurityToken", autoCreate: true, attrName: "ValueType", attrValue: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")
    xmlToSign.updateAttrAt(tagPath: "soap:Header|wsse:Security|wsse:BinarySecurityToken", autoCreate: true, attrName: "wsu:Id", attrValue: "ABCXYZ-9F0F7E15A59816E680B4735080A789DC1EED6C9C")
    xmlToSign.updateChildContent(tagPath: "soap:Header|wsse:Security|wsse:BinarySecurityToken", value: "BinarySecurityToken_Base64Binary_Content")
    xmlToSign.updateChildContent(tagPath: "soap:Header|wsa:Action", value: "http://wcf.dian.colombia/IWcfDianCustomerServices/GetStatus")
    xmlToSign.updateAttrAt(tagPath: "soap:Header|wsa:To", autoCreate: true, attrName: "wsu:Id", attrValue: "ID-F25839120CBA3ECDAD68754D0443A667636FDA68")
    xmlToSign.updateAttrAt(tagPath: "soap:Header|wsa:To", autoCreate: true, attrName: "xmlns:wsu", attrValue: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-wssecurity-utility-1.0.xsd")
    xmlToSign.updateChildContent(tagPath: "soap:Header|wsa:To", value: "https://vpfe-hab.dian.gov.co/WcfDianCustomerServices.svc")
    xmlToSign.updateChildContent(tagPath: "soap:Body|wcf:GetStatus|wcf:trackId", value: "123456666")

    let gen = CkoXmlDSigGen()!

    gen.sigLocation = "soap:Envelope|soap:Header|wsse:Security"
    gen.sigLocationMod = 0
    gen.sigId = "SIG-F25839120CBA3ECDAD68754D0443A667636FDA68"
    gen.sigNamespacePrefix = "ds"
    gen.sigNamespaceUri = "http://www.w3.org/2000/09/xmldsig#"
    gen.signedInfoCanonAlg = "EXCL_C14N"
    gen.signedInfoDigestMethod = "sha256"

    // Set the KeyInfoId before adding references..
    gen.keyInfoId = "KI-F25839120CBA3ECDAD68754D0443A667636FDA68"

    // -------- Reference 1 --------
    gen.addSameDocRef(id: "ID-F25839120CBA3ECDAD68754D0443A667636FDA68", digestMethod: "sha256", canonMethod: "EXCL_C14N", prefixList: "soap wcf", refType: "")

    // Provide a certificate + private key. (PFX password is test123)
    let cert = CkoCert()!
    success = cert.loadPfxFile(path: "qa_data/pfx/cert_test123.pfx", password: "test123")
    if success != true {
        print("\(cert.lastErrorText!)")
        return
    }

    gen.setX509Cert(cert: cert, usePrivateKey: true)

    gen.keyInfoType = "Custom"

    // Create the custom KeyInfo XML..
    let xmlCustomKeyInfo = CkoXml()!
    xmlCustomKeyInfo.tag = "wsse:SecurityTokenReference"
    xmlCustomKeyInfo.addAttribute(name: "wsu:Id", value: "STR-F25839120CBA3ECDAD68754D0443A667636FDA68")
    xmlCustomKeyInfo.updateAttrAt(tagPath: "wsse:Reference", autoCreate: true, attrName: "URI", attrValue: "#ABCXYZ-9F0F7E15A59816E680B4735080A789DC1EED6C9C")
    xmlCustomKeyInfo.updateAttrAt(tagPath: "wsse:Reference", autoCreate: true, attrName: "ValueType", attrValue: "http://docs.oasis-open.org/wss/2004/01/oasis-200401-wss-x509-token-profile-1.0#X509v3")

    xmlCustomKeyInfo.emitXmlDecl = false
    gen.customKeyInfoXml = xmlCustomKeyInfo.getXml()

    // Load XML to be signed...
    let sbXml = CkoStringBuilder()!
    xmlToSign.getSb(sb: sbXml)

    // Update BinarySecurityToken_Base64Binary_Content with the actual X509 of the signing cert.
    let bdCert = CkoBinData()!
    cert.exportDerBd(cerData: bdCert)

    var nReplaced: Int = sbXml.replace(value: "BinarySecurityToken_Base64Binary_Content", replacement: bdCert.getEncoded(encoding: "base64")).intValue

    gen.behaviors = "IndentedSignature"

    // Sign the XML...
    success = gen.createXmlDSigSb(sbXml: sbXml)
    if success != true {
        print("\(gen.lastErrorText!)")
        return
    }

    // -----------------------------------------------

    // Save the signed XML to a file.
    success = sbXml.writeFile(path: "qa_output/signedXml.xml", charset: "utf-8", emitBom: false)

    print("\(sbXml.getAsString()!)")

    // ----------------------------------------
    // Verify the signatures we just produced...
    let verifier = CkoXmlDSig()!
    success = verifier.loadSignatureSb(sbXmlSig: sbXml)
    if success != true {
        print("\(verifier.lastErrorText!)")
        return
    }

    var numSigs: Int = verifier.numSignatures.intValue
    var verifyIdx: Int = 0
    while verifyIdx < numSigs {
        verifier.selector = verifyIdx
        var verified: Bool = verifier.verifySignature(verifyReferenceDigests: true)
        if verified != true {
            print("\(verifier.lastErrorText!)")
            return
        }

        verifyIdx = verifyIdx + 1
    }

    print("All signatures were successfully verified.")

    // --------------------------------------------------------------------------------
    // Also see Chilkat's Online WSDL Code Generator
    // to generate code and SOAP Request and Response XML for each operation in a WSDL.
    // --------------------------------------------------------------------------------

}